Google to recruit hackers to hunt down future Heartbleed bugs

The bugs discovered by the researchers will be filed in an external database.

Google has launched 'Project Zero', with which it will recruit a team of talented hackers to discover vulnerabilities in Internet security that expose Internet users to cyber attacks.

The company said that the objective of the project is to reduce the number of Internet users harmed by targeted attacks.

Project Zero researchers will work to improve the security of any software depended upon by large numbers of people, probing into the techniques, targets and motivations of attackers.

The researchers will adopt standard approaches, such as locating and reporting large numbers of vulnerabilities, as well as conduct new research into mitigations, exploitation, programme analysis.

Google researcher herder Chris Evans said: "We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet.

"Yet in sophisticated attacks, we see the use of 'zero-day' vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem."

If any bug is discovered by the researchers, it will be filed in an external database, while the bugs found in software will be notified to the vendor without disclosing to any third party.

Evans said: "Once the bug report becomes public (typically once a patch is available), you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces.

"We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time."